I am suspicious of my FP4 phone having been hacked.
What happened:
-
while IMG-e-1.6-s-20221129238946-stable-FP4.zip was already available on images.ecloud.global/stable/FP4/ for at least a week, using the Updater did not provide access to the newer version, it always said that there were no newer updates available. The installed version at that time was IMG-e-1.5.1-s-20221102231514-stable-FP4.zip
-
when doing a regular update from F-Droid, it first updated F-Droid, then it offered to update LibreOffice viewer (I do not remember whether I even had it installed anymore, I remember removing it due to a warning that it was using some outdated, unsafe libraries).
-
after updating LibreOffice Viewer, F-Droid issued a warning that it was outdated and suggested to de-install it. However, the de-installation did not work and after checking in Settings → Apps → All Apps → LibreOffice Viewer, the app did not allow to deinstall, just to “Force stop” and “Disable” itself. This is not the normal behavior of LibreOffice Viewer as I remember it from earlier.
What I did then:
-
after the above, I did a factory reset in the hope, after a factory reset the misbehaving app would have disappeared. However, the LibreOffice Viewer survived the factory reset and was still not deinstalleable.
-
I then did a manual download and (re)installation of /e/OS IMG-e-1.5.1-s-20221102231514-stable-FP4.zip as described under https://doc.e.foundation/devices/FP4/install, in the hope that this would overwrite any existing installation. However, the LibreOffice Viewer survived also this procedure.
-
I then manually deinstalled LibreOffice Viewer with “pm uninstall -k --user 0 org.documentfoundation.libreoffice”, this seemed to work, LibreOffice Viewer did not reappear also after restarting the device.
-
after that, I did a manual download and installation of /e/OS IMG-e-1.6-s-20221129238946-stable-FP4.zip. The LibreOffice Viewer did not reappear anymore
My questions:
-
Did anybody experience the same behavior regarding an update to /e/OS 1.6 (not available from /e/OS 1.5.1)?
-
Just to verify: I assume that LibreOffice Viewer does not belong to the /e/OS preinstalled apps also on /e/OS 1.5.1, is this correct? (I did not find it listed on the /e/OS documentation and I have never seen it appear before, but just to verify)
-
can anybody provide an alternative explanation why LibreOffice Viewer behaved in this strange way? As its version was declared an “alpha” version (6.1.0.0.alpha0+/484d0ea842da), could the observed behavior be due to a problem in its package rather than a hacking attempt?
-
On a normal PC, if I suspect a hacking, I would overwrite the disk with zeroes or random numbers and then install everything from scratch. What would be the best equivalent procedure on an android-based Smartphone? I distrust just reformatting as malicious code has been known to survive such procedures, but I would not know what I could overwrite via adb shell and what I need to preserve to avoid completely bricking the device.
-
I seem to have a misunderstanding what a manual installation does, I was assuming that all system and data will be overwritten by the provided image files, but this seems to be incorrect. Can anyone point me to a good link which provides details, particularly how the above could happen?
Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services